diff options
-rw-r--r-- | src/session.c | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/src/session.c b/src/session.c index 87e92376..667738c4 100644 --- a/src/session.c +++ b/src/session.c @@ -64,10 +64,18 @@ static struct { int max; int timeout; int apicount; - const char *initok; + char initok[37]; struct afb_event_listener_list *listeners; } sessions; +/* generate a uuid */ +static void new_uuid(char uuid[37]) +{ + uuid_t newuuid; + uuid_generate(newuuid); + uuid_unparse_lower(newuuid, uuid); +} + // Free context [XXXX Should be protected again memory abort XXXX] static void ctxUuidFreeCB (struct AFB_clientCtx *client) { @@ -84,21 +92,20 @@ static void ctxUuidFreeCB (struct AFB_clientCtx *client) // Create a new store in RAM, not that is too small it will be automatically extended void ctxStoreInit (int max_session_count, int timeout, const char *initok, int context_count) { - // let's create as store as hashtable does not have any sessions.store = calloc (1 + (unsigned)max_session_count, sizeof(struct AFB_clientCtx)); sessions.max = max_session_count; sessions.timeout = timeout; sessions.apicount = context_count; - if (!initok) { - ERROR("\"--token=\" parameter is mandatory"); - exit(1); - } - if (strlen(initok) >= sizeof(sessions.store[0]->token)) { + if (initok == NULL) + /* without token, a secret is made to forbid creation of sessions */ + new_uuid(sessions.initok); + else if (strlen(initok) < sizeof(sessions.store[0]->token)) + strcpy(sessions.initok, initok); + else { ERROR("initial token '%s' too long (max length 36)", initok); exit(1); } - sessions.initok = initok; } static struct AFB_clientCtx *ctxStoreSearch (const char* uuid) @@ -200,7 +207,6 @@ static void ctxStoreCleanUp (time_t now) // This function will return exiting client context or newly created client context struct AFB_clientCtx *ctxClientGetSession (const char *uuid, int *created) { - uuid_t newuuid; struct AFB_clientCtx *clientCtx; time_t now; @@ -231,8 +237,7 @@ struct AFB_clientCtx *ctxClientGetSession (const char *uuid, int *created) /* generate the uuid */ if (uuid == NULL) { - uuid_generate(newuuid); - uuid_unparse_lower(newuuid, clientCtx->uuid); + new_uuid(clientCtx->uuid); } else { strcpy(clientCtx->uuid, uuid); } @@ -302,13 +307,10 @@ int ctxTokenCheck (struct AFB_clientCtx *clientCtx, const char *token) // generate a new token and update client context void ctxTokenNew (struct AFB_clientCtx *clientCtx) { - uuid_t newuuid; - assert(clientCtx != NULL); // Old token was valid let's regenerate a new one - uuid_generate(newuuid); // create a new UUID - uuid_unparse_lower(newuuid, clientCtx->token); + new_uuid(clientCtx->token); // keep track of time for session timeout and further clean up clientCtx->expiration = NOW + sessions.timeout; |